Listing Description
Job Description: Facilitate the required steps of the RMF process, the Platform Information Technology (PIT) Certification services and other A&A processes (as applicable) that are associated with validation and sustainment of the cybersecurity authorization packages. Each package is a representation of a particular system (can comprise multiple devices, etc.) or a network (comprising various devices, etc.) that is required to achieve authorization in order to continue to operate in support of the NSWCDD mission. In some instances, an authorization effort may be required to follow one of several A&A process (RMF, Assess Only, PIT), or a joint A&A effort when the systems or networks comprise authorities under more than a single Authorizing Official.
Typical tasking includes, but is not limited to:
· Supporting architecture analysis and design of defense-in-depth solutions
· Developing and assessing system security plans including, security concepts of operation, risk management matrix, security control traceability matrix, security test procedures, and plan of action and milestones
· Analyzing static code scans and dynamic code scans to validate Application Security and Development STIG compliance
· Navy Qualified Validator (NQV) activities per NIST, and DoD security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) in support of the division’s Cyber Security team.
· Leading and coordinating security test event teams to achieve accreditation milestones
· Verifying and validating vulnerability resolutions and/or mitigation
· Ability to effectively develop system security plans, procedures, and other security documentation.
· Resolve non-routine problems with area of assigned responsibility and timely direct complex problems, questions, or complaints to Program Manager.
Desired Requirements:(ESY3)
· Six (6) years related practical experience in Cybersecurity, Engineering Test and Evaluation (T&E), or A&A related field.
· Three (3) years DOD specific experience performing validator tasks with C&A and/or A&A Packages.
· Knowledge of Risk Management Framework (RMF) and experience with Interim Authority To Test (IATT), DoD Information Assurance Certification and Accreditation
· Process (DIACAP) and Platform Information Technology (PIT) Systems.
· Experience should include direct Validator knowledge and experience utilizing the Navy’s instance of eMASS.
· Must have a Navy Validator Level II or III Certification
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided